Critical severityNVD Advisory· Published May 25, 2020· Updated Aug 4, 2024
CVE-2020-13485
CVE-2020-13485
Description
The Knock Knock plugin before 1.2.8 for Craft CMS allows IP Whitelist bypass via an X-Forwarded-For HTTP header.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
verbb/knock-knockPackagist | < 1.2.8 | 1.2.8 |
Affected products
2- Craft CMS/Knock Knock plugindescription
Patches
Vulnerability mechanics
References
5- github.com/advisories/GHSA-wxvr-qqm7-6h65ghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2020-13485ghsaADVISORY
- github.com/verbb/knock-knock/blob/craft-3/CHANGELOG.mdghsax_refsource_MISCWEB
- limpidsecurity.pl/security-advisories/1/knock-knock-plugin-for-craft-cmsghsaWEB
- limpidsecurity.pl/security-advisories/1/knock-knock-plugin-for-craft-cms/mitrex_refsource_MISC
News mentions
0No linked articles in our index yet.